Updating the Default Certificate for HTTPS Connections
SAP Mobile Platform Server includes a default self-signed certificate, which you must replace with a production-ready certificate. SAP recommends that you use the existing alias when you import a new certificate; that way, you can update all the certificates at the same time.
The server and Management Cockpit share the local keystore, local_smp_keystore.jks, which is located in the <SMP_HOME>\Server\configuration directory.
- Generate new production-ready certificates: Use your PKI system to generate SAP Mobile Platform Server certificates and key pairs, and have them signed with the Certificate Authority (CA) certificate that is used in your organization. Verify that you:SAP Mobile Platform is compliant with certificates and key pairs that are generated by most well-known PKI systems.
- Use the existing alias smp_crt.
- Set the CN of the certificate to *.<MyDomain>.
- Select .
Click the Import icon , and in the Import
Certificate dialog, enter:
Certificate Type – PKCS #12.
Alias – smp_crt.
Certificate File – click Browse, and select the certificate file.
Private Key Password – a valid password for the private key.
If the certificate is imported successfully, a green box appears in the Valid column.
(Optional) To generate a certificate signing request,
identify the certificate, and select
The signing request is downloaded to the server.
(Optional) To upload a certificate PKCS #7 signed response, select
The signed response is uploaded to the keystore.